Blog Archives | Page 2 of 137

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

‘Orca Watch’ Series

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Table of contentsTechnical OverviewAffected SystemsRisk ImpactHow Orca Can Help A critical supply-chain attack has compromised 32 official npm packages under...

The Orca Research Pod

Jun 01, 2026

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

‘Orca Watch’ Series

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

A critical vulnerability (CVE-2026-45618, CVSS 10.0) was disclosed affecting LiquidJS, a widely used Node.js implementation of Shopify's Liquid template language...

The Orca Research Pod

Jun 01, 2026

Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud

Cloud Security Learning

Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud

Table of contentsThe "Bring Your Own AI" Crisis: Why Shadow AI Bypasses Traditional GatewaysThe Cloud Architect's Framework: Detecting Shadow AI...

The Orca Security Team

Jun 01, 2026

Data Security Posture Management (DSPM) for AI

Cloud Security Learning

Data Security Posture Management (DSPM) for AI

Table of contentsThe AI Data Security Crisis: Why Traditional DSPM FailsThe 4 Pillars of DSPM for AI ModelsPillar 1: Discovering...

The Orca Security Team

May 29, 2026

Gitea Container Registry Exposes Private Images to Unauthenticated Attackers

‘Orca Watch’ Series

Gitea Container Registry Exposes Private Images to Unauthenticated Attackers

A critical access control vulnerability (CVE-2026-27771) has been disclosed in Gitea's built-in container registry, allowing any unauthenticated remote attacker to...

The Orca Security Team

May 27, 2026

Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection

‘Orca Watch’ Series

Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection

A critical vulnerability (CVE-2026-45695, CVSS 9.8) was disclosed affecting Kopia, the open-source backup and restore tool, allowing attackers to achieve...

The Orca Security Team

May 26, 2026

Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026

Cloud Security Fundamentals

Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026

Table of contentsKey TakeawaysWhy Are Security Teams Looking for Cortex (Prisma Cloud) Alternatives?Agent deployment at the speed of your cloudMultiple...

The Orca Security Team

May 22, 2026

7 Enterprise AI Security Risks to Manage

Cloud Security Learning

7 Enterprise AI Security Risks to Manage

Table of contentsKey TakeawaysUnderstanding Enterprise AI Security RisksRecurring AI Security Risk Patterns in Enterprise SystemsHow These Themes Map to the...

The Orca Security Team

May 22, 2026

Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure

‘Orca Watch’ Series

Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure

A max-severity vulnerability (CVE-2026-45829, CVSS 10.0) was disclosed affecting ChromaDB, the widely used open-source vector database for AI applications, allowing...

Roi Nisimi

May 21, 2026

Blog

Red Hat npm Packages Compromised in Supply-Chain Attack Spreading Credential-Stealing Worm

Critical RCE in LiquidJS Lets Attackers Execute Arbitrary Commands on Unpatched Hosts

Securing Shadow AI: How to Detect Unapproved LLMs in Your Cloud

Data Security Posture Management (DSPM) for AI

Gitea Container Registry Exposes Private Images to Unauthenticated Attackers

Critical Unauthenticated RCE in Kopia Backup via SSH ProxyCommand Injection

Best Palo Alto Networks Cortex (Prisma Cloud) Alternatives in 2026

7 Enterprise AI Security Risks to Manage

Critical Pre-Auth RCE in ChromaDB Threatens AI Infrastructure

Cloud Security Platform

Technology Ecosystem

By Solution

By Industry

Comparisons